<?php
    session_start();
//    echo "Login: ".$_SESSION["userID"]." ".$_SESSION["userType"];
    
    if(isset($_SESSION["userID"]) && !strcmp($_SESSION["userType"], "manager")){

    $productName = $_GET["productName"];
    $categoryID = $_GET["categoryID"];
    $minPrice = $_GET["minPrice"];
    $maxPrice = $_GET["maxPrice"];
    $startDate = $_GET["startDate"];
    $endDate = $_GET["endDate"];

    $con = mysql_connect("localhost", "zhouzhao", "19831022");
    if(!$con){
        die("could not connect to DB: ".mysql_error());
    }
    
    mysql_selectdb("cloudcom", $con);
    
    $sql = "select sales.* from products, sales where products.productID=sales.productID";
//    SELECT sales.* FROM products, sales where products.productID=sales.productID and products.productName='vm1'
    if(strlen($productName) != 0){
        $sql = $sql." and products.productName='$productName'";
    }
    
    if(strlen($categoryID) != 0){
        $sql = $sql." and products.categoryID=$categoryID";
    }
    
    if(strlen($minPrice) != 0){
        $sql = $sql." and products.productPrice>=$minPrice";
    }
    
    if(strlen($maxPrice) != 0){
        $sql = $sql." and products.productPrice<=$maxPrice";
    }
    
//    SELECT * FROM `sales` WHERE startDate>'2012-9-1'
    
    if(strlen($startDate) != 0){
        $sql = $sql." sales.startDate>='$startDate'";
    }
    
    if(strlen($endDate) != 0){
        $sql = $sql." sales.endDate<='$endDate'";
    }
    
    $result = mysql_query($sql);
    
    echo "query: $sql";
    echo "<table border='1' id='saleTable'>
            <tr>
                <th>ProductID</th>
                <th>Discount</th>
                <th>Start Date</th>
                <th>End Date</th>
            </tr>";
        
    while($row = mysql_fetch_assoc($result)){
        echo "<tr>";
        echo "<td>".$row["productID"]."</td>";
        echo "<td>".$row["discount"]."</td>";
        echo "<td>".$row["startDate"]."</td>";
        echo "<td>".$row["endDate"]."</td>";
        echo "</tr>";
    }
    echo "</table>";
    }else{
        require 'login.html';
    }
?>
